(54) Data network security system and method

(57) A secure communication mechanism for communicating credit card or other sensitive information between a user terminal (104) and a server (101) which communicate over a data network (e.g., Internet) (102). For secure or private communication of sensitive information over a data network, a telephone connection is established between the originating server (107) to which the user is connected for access to the data network and the SP (101) to which the sensitive information is directed. The method and system provide for a secure electronic commercial transaction between a user and a service provider which charges for information and/or services and/or goods, wherein sensitive information includes credit card information transmitted from the user to the service provider, and/or electronic information or services transmitted from the service provider to the user in exchange for payment received from the user.
Description

Technical Field

This invention relates generally to secure communi- 
cations over data networks, and particularly to a method 
for secure transactions for information, interactive serv- 
ices, and secure payment for other services and goods 
that may be purchased over data networks. 

Background of the Invention 

Currently, a multitude of services are available to users over data networks such as the Internet. These services include information and interactive services deliverable over the network, and goods and services that may be shopped for and ordered over the network but are not deliverable over the network (e.g., clothing, food, etc.). Despite the plethora of available services and the apparent convenience for consumers of virtual shopping from electronic merchants or service providers (SPs), individuals are generally wary of electronic shopping and particularly, are reluctant to send credit card or other sensitive information over the Internet since it is well publicized that personal credit card information should not be transmitted over a public data network, which may be subject to unauthorized access. It is also well publicized that individuals have cracked security coding mechanisms (e.g., RSA encryption) used in commercial software for secure communications on the Internet. It is therefore possible, for instance, that while en route to a targeted SP, encrypted credit card or other sensitive information may be intercepted at intervening routers by "hackers" or other eavesdroppers, who can decrypt the information.

Some providers of "non-electronically" delivered goods or services (e.g., goods delivered off-line; e.g., food, clothing, etc.) provide an option for avoiding sending sensitive information over the Internet by posting 800 telephone numbers that a user later calls off-line to pay for the goods or services which were ordered (but not paid for) over the Internet. This approach, however, is not only cumbersome, thus negating the appeal and purpose of virtual shopping and on-line purchasing of goods and services, but is also not suited as a payment method for goods and services (including information) which are delivered over the Internet (referred to hereinafter as "electronic goods"), and which are preferably delivered interactively in one session as part of a single transaction.

It may be understood that the lack of a secure transaction mechanism limits the further development of the Internet, the availability of service providers to users, and particularly the viability of smaller SPs. It is known that in addition to providing gateway access to the Internet and the thousands of small service providers around the world, large information service providers such as Prodigy, America Online and Compuserve provide their own information and interactive services. Users may also access the Internet and the thousands of smaller information service providers (ISPs) directly through smaller user-local Internet access providers. Generally, the large information service providers bill their customers on a time-usage basis after a financial payment relationship has been established, with the user/customer receiving a monthly bill which may include additional charges for usage of certain information and services and which is paid via the conventional postage system. Similarly, the smaller user-local Internet access providers usually also base their service charges to their subscribers for access to the Internet on a time-usage basis.

The smaller ISPs, however, currently either do not charge for access to their information and interactive services, or, if they do, also require the user to establish some sort of financial relationship whereby the user subscribes to the ISP and pays a bill via the conventional postage system. A frequent user of a particular established ISP may not be averse to establishing a financial relationship for payment purposes. Typically, however, and in accordance with a fundamental concept of using the Internet (e.g., "surfing the net" using Web browsers which link websites by hypertext), a user accesses many different ISPs, each on only a casual and often unanticipated basis, and is not likely to want or be able to establish a plethora of financial relationships with so many different providers. ISPs that do or want to charge for access to their information and/or interactive services could do so by requiring the user to input their credit card number before data service is provided. Yet as discussed above, users are loath to send credit card information over the Internet, and therefore, would likely eschew such ISPs, who are typically smaller ISPs.

Accordingly, it may be appreciated that from the standpoint of the user/consumer, such a security and privacy risk effectively preempts the ostensible convenience of services available over data networks, and also limits the actual availability of information and interactive services to those which are free of charge or are charged within the purview of existing financial relationships (e.g., information from a user's service provider). From the standpoint of the SPs, the absence of a secure on-line billing mechanism limits the virtual marketplace, and its potential returns. In addition, the lack of a secure payment mechanism limits the number of SPs which can enter this marketplace, thereby limiting competition which would also likely benefit users/consumers.

There is a need, therefore, for improved secure communication methods over data networks, and particularly, for improved methods which provide enhanced security for users to send credit card or other sensitive information to Internet SPs.

Summary of the Invention 

The present invention overcomes the above, and other, prior art limitations by providing a secure communication mechanism which does not require credit card or other sensitive information to be transmitted over the data network (e.g., Internet) to a SP which charges for information and/or services and/or goods (including non-electronically delivered and electronically delivered goods). In accordance with the present invention, for secure or private communication of sensitive information over a data network, a telephone connection is established between the originating server to which the user is connected for access to the data network and the SP to which the sensitive information is directed.

In accordance with an embodiment of the invention, the telephone connection is established for user payment to an ISP for receiving from the ISP information and/or interactive services via the data network such as the Internet (i.e., electronically delivered goods or services) and/or for paying an ISP for non-electronically delivered goods or services ordered over the Internet. Users access a terminating ISP server from an originating access SP server as they usually do on a first connection over the Internet or any other data network via routing point servers, using a technology such as Web client/server technology.

Any communications or transactions to a terminating ISP server involving credit card or other sensitive information are effected, however, on a second connection through a telephone call placed to a telephone number of the terminating ISP server. After receiving a call, and by associating such call with the user's request over the Internet for information and/or interactive services, and/or non-electronically deliverable goods or services, the ISP provides the user with the requested information and/or service, or approves delivery of the non-electronically deliverable goods or services. With the arrangement, payment is effected without providing credit card information via the Internet routing servers and without establishing a financial relationship with the ISP. Preferably, the communication of information over the telephone line between the originating server and the terminating ISP server is also subject to encryption.

In one embodiment of the invention, if, based on actions of the user accessing the data network via an originating access SP server, a terminating ISP requires credit card or sensitive information from the user, the terminating ISP verifies that the originating access SP server supports the security mechanism. Upon verification from the originating access SP server, the terminating ISP server reserves a telephone number associated with the terminating ISP server, and transmits the telephone number over the data network to the originating access SP server. The originating access SP server then calls the terminating ISP server via the received telephone number to establish a telephone connection. Sensitive information is then communicated via the telephone connection, after which the telephone connection is terminated.

In another embodiment, the user may selectively invoke secure communications (e.g., by clicking on an icon on the user's terminal screen) to communicate to the user's originating access SP server (or, to the terminating ISP server) that a secure communication link over the telephone line should be established with the terminating ISP server (originating access SP server) for communicating sensitive information from the user to the terminating ISP. The originating access SP server (the terminating ISP) then verifies that the terminating ISP server (originating access SP server) supports the secure communication mechanism. Upon verification, a telephone connection is established between the originating access SP server and the terminating ISP server, and the sensitive information is communicated. The telephone connection is terminated in accordance with user commands or the transmitted information itself. In a further related embodiment, when a transaction of sensitive information is to occur but the user does not choose to invoke a secure telephone connection for sending credit card information but relies on conventional mechanisms, the terminating ISP server can initiate establishment of a secure telephone communication link with the originating access SP server in order to send electronic goods/services to the user.

In a similar embodiment, the user's originating 
access SP server initiates establishment of a secure tel- 
ephone communication link with the terminating ISP 
server upon identifying a communication from the user 
that includes sensitive or private information. 

Brief Description of the Drawings 

The invention will be described in greater detail below by way of reference to the accompanying drawings, wherein:

FIG. 1 illustrates a system in accordance with the present invention, which provides users access to information and/or services on a data network, such as the Internet, and provides for secure communication of sensitive information through a telephone network for transactions involving the information and/or services;

FIG. 2 illustrates functional components of an interexchange telephone network over which the telephone connection for secure communication is established in accordance with the present invention;

FIG. 3 is a functional block diagram representation applicable to both ISP 101 and Internet Access Provider 107 showing the relationship between the elements that interact with the Internet and those that interact with the telephone network;

FIG. 4 is a flowchart illustrating a payment mechanism according to the data network security method and system of the present invention in which a secure telephone connection is established by initiation of ISP in recognition of certain actions by the user; and

FIG. 5 is a flowchart illustrating another embodiment of the data network security method and system of the present invention in which a telephone connection is established by initiation of Internet access provider in recognition of certain actions by the user.

Detailed Description 

With reference to FIG. 1, a system is shown which provides access for users on a data network to information and/or interactive services, and for a secure communication mechanism on a telephone network for the provision of those services. For purposes of illustration and clarity of exposition, it will be assumed that the data network is the Internet, and that the secure communication involves providing user credit card information to a service provider (SP) as payment for providing information and/or interactive services, including electronically deliverable and/or non-electronically deliverable goods and services. It is understood, however, that the present invention is not limited to secure payment communications, or to payment for information and/or interactive services only on the Internet.

In FIG. 1, a single ISP 101 is shown connected to the Internet network 102. It should be appreciated, however, that a multitude of ISPs are connected to the Internet and are available for access to the multitude of users around the world having access to the Internet. It may also be appreciated that Internet network 102 schematically represents an interconnection of network nodes which include router and/or gateway servers, which may themselves include or be part of websites and/or ISPs. Similarly, ISP 101 may itself include Internet router and/or gateway servers. Connection between the ISP 101 and the Internet 102 is over T1 digital transmission facilities 103, or other high speed transmission lines. A user desiring access to the information and/or interactive services available over the Internet from ISP 101 may be an individual who accesses the Internet through his terminal 104. Terminal 104 can be connected to the Internet 102 over a POTS telephone connection 105 to the user's local exchange carrier (LEC) network 106 through a modem (not shown). From the LEC 106, connection is made to a user-local Internet access provider 107, which provides access to the Internet over T1 digital transmission facilities 108. Internet access provider 107 can dial a telephone number for establishing a call via LEC 106. Similarly, ISP 101 can dial a telephone number for establishing a call via LEC 117.

Other users may be located within a common corporate (or educational) environment 109, using, for example, terminals 110, 111 and 112, which are connected to a corporate (or educational) data network 113. Corporate (or educational) data network 113 can be a local area network (LAN) or wide area network (WAN), which is connected to a corporate web server 114. Server 114 provides its own information and/or interactive services to users using the terminals within the corporate (or educational) environment 109, while simultaneously being available to other users on the Internet. The corporate web server 114 is connected to the Internet 102 over T1 digital transmission facilities 126 or other digital facilities. The corporate (or educational) users can thus access the information and/or interactive services available on corporate web server 114, or they can access over Internet 102 the information and/or interactive services available through ISP 101, or any other ISP connected to the Internet 102, although not shown in the figure. Corporate web server 114 is also connected to PBX 120, which is connected to LEC network 121 and to telephone set 119 and telephone set 121, which are associated with terminals 110 and terminal 111, respectively. Corporate web server 114 can direct PBX 120 to dial a designated telephone number by means of a signal over line 123.

LEC 106, LEC 117, and LEC 121 are each also connected to an interexchange (IXC) telephone network 115. As known in the art, LEC networks 106, 117, and 121 include switching systems capable of communicating with and routing calls to and from IXC telephone network 115.

These switching systems are stored-program control switches which contain the service logic required to intercept calls which require special handling by the IXC network 115, and to send queries to the IXC network 115. IXC network 115 also includes similar switching systems which are involved in communicating with and routing calls to and from LEC networks 106, 117, and 121, and in routing calls over the IXC network 115. Such switching systems are well known and may be, for example, an AT&T 5ESS® switch or an AT&T No. 4 ESS™ switch.

IXC network 115 may also be connected to Internet 102 over digital transmission facilities 124. FIG. 2 illustrates functional components of IXC network 115. Switch 202 is coupled to LEC 106. As is well known, many of such switches are networked to provide communication of calls over the IXC network, and for purposes of clarity of exposition, switches networked to switch 202 and coupled to LECs 117 and 121 are not shown in FIG. 2. A billing system 203 is associated with switch 202 to bill for calls routed over IXC network 115. In addition, web server 301 can direct a controller 302 to place a call through the switch 202.

As previously discussed, charging for the information and/or interactive services that can be provided to a user from an ISP, such as ISP 101, can present a problem if the user has not established a financial billing relationship with the ISP. Establishing such a relationship, or alternatively arranging payment by credit card over the Internet, is likely to impose an impediment to a user who desires to access ISP 101. Generally, because of the lack of an acceptable, secure payment mechanism, many ISPs today do not charge for access to their information and/or interactive services, even though a substantial benefit is provided to their users. Thus, the establishment of a simple, secure payment mechanism can be of substantial financial value to an ISP who may receive hundreds, if not thousands, of requests for information and/or interactive services each day. Furthermore, charging the user a fair fee for access to information and/or interactive services that users consider of value will not likely hinder the user from accessing the ISP that may have previously provided free access. Moreover, many smaller ISPs which previously requested credit card information for accessing their services, may experience increased requests and concomitant payment for their information because users will not be disinclined to send credit card information for payment. The increased demand may encourage further entry of new SPs into the market, and thus may reduce user/consumer costs by increasing competition.

In accordance with the present invention, communication of credit card or other sensitive information (including electronically deliverable goods/services) between a user and an ISP on the Internet (or other data network) is effected by a separate telephone call connection (i.e., over the public switched telephone network) established between the user's Internet access provider and the ISP. The establishment of the telephone connection is initiated in response to actions of the user. For instance, the user may explicitly request a secure communication link or the user may request a page from the ISP that involves credit card or sensitive information. Alternatively, the user may send credit card or other payment information to the ISP to purchase electronically-deliverable goods/services from the ISP but may choose to forego an option of requesting a secure communication link for sending the credit card or payment information to the ISP; nevertheless, in response to this payment, the terminating ISP may choose to complete the transaction (i.e., by sending the electronically-deliverable goods/services to the user) over a secure communication link. The Internet access provider or the terminating ISP may first recognize that the user's actions require establishing the separate telephone connection. In any event, the telephone connection may be established according to the user's originating Internet access SP calling the terminating ISP, resulting in the telephone connection charges being incurred by the originating Internet access SP and passed along to the user according to the normal established billing arrangement. Alternatively, the telephone connection may be established according to the terminating SP calling the originating SP, resulting in the telephone connection charges being incurred by the terminating SP (unless charges are "reversed" by, for example, using a special access number), who may account for such costs in charges to users. After the telephone connection is established, it is used for communicating the sensitive information, after which the telephone connection is terminated.

As may be appreciated from the foregoing, in accordance with practicing the present invention, ISP 101 must be capable of receiving and/or transmitting telephone calls via LEC 117, and of associating such telephone calls with users logged onto ISP 101 over the Internet 102. Similarly, Internet Access Provider 107 must be capable of receiving and/or transmitting telephone calls via LEC 106, and of associating such telephone calls with users logged onto Internet 101 via telephone connections to Internet Access Provider 107. FIG. 3 is a functional block diagram representation applicable to both ISP 101 and Internet Access Provider 107 showing the relationship between the elements that interact with the Internet and those that interact with the telephone network. These elements include a web server 501 for providing information and/or interactive services on the Internet and a telephone line termination unit 502, such as a PBX, to terminate calls being placed between ISP 101 and Internet Access Provider 107, calls from users to the Internet Access Provider 107, and other calls to or from ISP 101 (e.g., credit card number verification calls) or Internet Access Provider 107. A control unit 503 serves as the interface between the web server 501 and unit 502 for comparing and associating information provided over the telephone network with data received from the Internet, as well as for directing termination unit 502 to place calls in response to direction of web server 501. Control unit 503 may be embodied as a server or processor including, or separate from, web server 501, and which includes and controls a modem bank that is coupled to termination unit 502. Accordingly, control unit 503 is cooperative with web server 501 to associate a user with a given telephone line.

FIG. 4 is a flowchart illustrating a payment mechanism according to the data network security method and system of the present invention (for convenience, referred to hereinbelow as DNS) in which a secure telephone connection is established by initiation of ISP 101 in recognition of certain actions by the user at terminal 104.

Actions by the user at terminal 104 implicitly or explicitly result in a request for access to a secure page for communication of credit card information to ISP 101 (step 401). For instance, a user browsing the web may encounter the web site associated with ISP 101 which may require payment for searching any information it contains (i.e., for accessing the web site). Immediately upon this encounter, ISP 101 queries the user whether the user wishes to proceed with the search of the web site by paying a specified access charge. If the user responds affirmatively, the user has implicitly requested a secure page since the ISP 101 recognizes that the secure page is needed for communicating credit card payment information. Alternatively, ISP 101 may allow the user to search the web site information for free, but may require payment for any, or certain, information that the user wishes to download. Then, upon the user's confirmed request for downloading specified information (e.g., documents, files, etc.), the user has implicitly requested a secure page since the ISP 101 recognizes that a secure page must be provided for payment.

Alternatively, web pages provided by ISP 101 may include a DNS icon such that when the user invokes (i.e., clicks on) the icon, the ISP 101 is sent a message which explicitly requests that the current web page on terminal 104 be sent by the DNS (i.e., that the web page be considered a secure page). Similarly, although the user may have an option for invoking DNS in order to purchase electronically-deliverable goods/services, the user may send credit card or payment information to ISP 101 by a conventional mechanism (e.g., over the Internet). From the user's actions of paying for electronically-deliverable goods/services, ISP 101 recognizes that a secure communication link should be established to complete the transaction by delivering the electronically-deliverable goods/services in a manner that protects their value to ISP 101.

Based on these explicit and/or implicit requests according to the user's actions and associated conditions, ISP 101 recognizes that a secure communication link must be established for the secure page and thus, initiates a protocol for establishing a telephone connection by querying Internet access provider 107 via Internet 102 as to whether Internet access provider 107 supports DNS (step 403).

If Internet access provider confirms that it supports DNS, ISP 101 assigns a phone number from its modem pool and transmits this phone number via Internet 102 to Internet access provider 107 (steps 405-407). Internet access provider 107 confirms receipt of the phone number, and calls ISP 101 via the received phone number (step 409). ISP 101 responds to this phone call, thereby establishing the telephone connection for secure communication of sensitive information (step 411). Notably, since ISP 101 assigned the phone number for a particular user, ISP 101 knows that the phone call received at the pre-assigned number is for the particular user. Where each phone number of ISP 101 is not rigidly assigned to a particular modem, ISP 101 can compare the dialed number, as received by ISP 101 according to the Dialed Number Identification Service (DNIS) of the telephone company, to identify and associate the received telephone call with a particular user identified over the Internet by a particular Internet network address. The term "network address" as used herein means the mechanism for identifying the user and could be the Internet protocol address or any other mechanism for identifying the user on the Internet or on any other network. For those situations in which the DNIS may not be available, and there is no rigid assignment of phone numbers with modems, ISP 101 supplies Internet access provider 107 with an identification number over the Internet which is transmitted by Internet access provider 107 via the established telephone connection to ISP 101. ISP 101 can then identify the telephone call with the particular user. Alternatively, Internet access provider 107 can send user identification information already known to ISP 101 (e.g., Internet network address) over the telephone connection, without having received some identification number/information from ISP 101. Thus, in any event, ISP 101 knows that any information received on the established phone connection is for the particular user, and similarly, that sensitive information to be sent to the particular user should be sent on the particular established phone connection. It is noted, that even where ISP 101 can identify a received telephone call as associated with a particular user independently of any information sent over the phone connection, it still may be advantageous for a user identification to be sent over the phone connection in order to confirm that the phone connection is associated with the particular user.
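The association of a received call with a user (steps 405-411), sketched as an added example that is not part of the original document: the ISP side reserves a number per user, matches an incoming call by DNIS or by the identification number, and drops reservations whose call does not arrive within the predetermined period the description mentions. The class and method names, the 30-second period, and the sample phone numbers and network addresses are assumptions constructed for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Reservation:
    network_address: str  # how the user is identified on the data network
    phone_number: str     # number assigned from the ISP's modem pool
    ident: str            # identification number sent to the access provider
    deadline: float       # latest time the call may arrive


class CallAssociator:
    """ISP-side bookkeeping (hypothetical) tying phone calls to Internet users."""

    def __init__(self, modem_pool, call_timeout=30.0, clock=time.monotonic):
        self.free = list(modem_pool)
        self.pending = {}  # phone number -> Reservation awaiting its call
        self.active = {}   # phone number -> network address of connected user
        self.call_timeout = call_timeout
        self.clock = clock

    def reserve(self, network_address):
        """Steps 405-407: assign a number and an identification number."""
        self.expire_stale()
        if not self.free:
            raise RuntimeError("modem pool exhausted")
        res = Reservation(network_address, self.free.pop(0),
                          secrets.token_hex(8),
                          self.clock() + self.call_timeout)
        self.pending[res.phone_number] = res
        return res

    def expire_stale(self):
        """Return numbers whose call never arrived to the pool."""
        now = self.clock()
        for number, res in list(self.pending.items()):
            if now > res.deadline:
                del self.pending[number]
                self.free.append(number)

    @staticmethod
    def _same(a, b):
        return hmac.compare_digest(a.encode(), b.encode())

    def on_incoming_call(self, dnis=None, ident=None):
        """Steps 409-411: return the user's network address, or None to reject."""
        self.expire_stale()
        res = None
        if dnis is not None:
            res = self.pending.get(dnis)
            # An identification sent over the phone line must confirm the match.
            if res and ident is not None and not self._same(ident, res.ident):
                res = None
        elif ident is not None:
            # No DNIS available: rely on the identification number alone.
            res = next((r for r in self.pending.values()
                        if self._same(ident, r.ident)), None)
        if res is None:
            return None
        del self.pending[res.phone_number]  # one call per reservation
        self.active[res.phone_number] = res.network_address
        return res.network_address

    def end_call(self, phone_number):
        if self.active.pop(phone_number, None) is not None:
            self.free.append(phone_number)


def demo():
    now = [0.0]  # constructed clock so the timeout can be exercised offline
    isp = CallAssociator(["555-0101", "555-0102"], 30.0, lambda: now[0])
    a = isp.reserve("198.51.100.7")  # constructed sample addresses
    b = isp.reserve("198.51.100.9")
    out = {"dnis": isp.on_incoming_call(dnis=a.phone_number),
           "second_call": isp.on_incoming_call(dnis=a.phone_number),
           "wrong_ident": isp.on_incoming_call(dnis=b.phone_number,
                                               ident="0" * 16),
           "ident_only": isp.on_incoming_call(ident=b.ident)}
    isp.end_call(a.phone_number)
    c = isp.reserve("198.51.100.11")
    now[0] = 31.0  # the call arrives after the predetermined period
    out["late_call"] = isp.on_incoming_call(dnis=c.phone_number)
    out["free_after_timeout"] = list(isp.free)
    return out


if __name__ == "__main__":
    print(demo())
```
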

It is understood that rather than having Internet access provider 107 call ISP 101, ISP 101 could call Internet access provider 107 at a number provided to ISP 101 in conjunction with confirming DNS support. However, it is preferable that Internet access provider 107 place the call to a phone number provided by ISP 101 in order to thwart an eavesdropper who intercepts the phone number information and, if the phone number were transmitted from Internet access provider 107 to ISP 101, could rapidly place a phone call to the Internet access provider 107 before ISP 101 places the call, and pretend to be ISP 101, thereby receiving the credit card or sensitive information from Internet access provider 101. Further, it is more convenient for Internet access provider 107 to place the call so that the associated telephone charges can be easily billed to the user.

More generally, preferably the server that will first send credit card or other sensitive or valuable information should not provide the phone number to the other server which would place a call to that phone number, in order to avoid such disguised interception by an eavesdropper who need not provide any payment or other sensitive or valuable information to the called server before receiving payment or other sensitive or valuable information from the called server (even if a protocol required the calling party to provide some confirmation or identification information to the called party, the eavesdropper likely will have intercepted or accessed this confirmation or identification information).

By this mechanism, for a bi-directional transaction (e.g., payment for electronically deliverable goods/services), Internet access provider 107 could provide the phone number for ISP 101 to call if ISP 101 agrees to send its information first. Then, if an eavesdropper intercepted the phone number and placed the call to Internet access provider 107, the eavesdropper could not receive the payment or other sensitive or valuable information from Internet access provider since the eavesdropper must first provide such information, which the eavesdropper does not have, to Internet access provider 107.

Of course, it necessarily follows that if there will be
only uni-directional transfer of payment or other sensitive
or valuable information over the telephone connection,
then preferably the server that will send credit card
or other sensitive or valuable information should not
provide the phone number to the other server which
would place a call to that phone number for reception of
the call by the server that will send the payment or other
sensitive or valuable information.

If the telephone connection is successfully established,
credit card or other sensitive information is communicated
over the secure telephone connection (step
413). This communication may involve sensitive information
communication from the user to ISP 101 and/or
sensitive information communication from ISP 101 to
the user (e.g., electronically deliverable goods/services).
Prior to delivering electronically deliverable
goods/services or authorizing delivery of non-electronically
deliverable goods, terminating ISP 101 preferably
verifies the credit card information by placing a separate
telephone call to credit card verification facilities.

Preferably, when sensitive information is to be
transmitted from the user to ISP 101, ISP 101 first
sends a confirmation to the user indicating whether
DNS is active. For instance, it may not be possible to
establish the DNS secure telephone connection
because DNS is not supported by Internet access provider
107, or because ISP 101 does not receive a call
within a predetermined period of time, etc. This confirmation
allows the user to decide whether to send the user's
sensitive information to ISP based on whether DNS is
active. For instance, if DNS were inactive, the user
would decide whether to send the credit card info by
conventional encrypted communications over the Internet
102, or to abort payment. ISP 101 may preempt this
option if electronically deliverable goods/services are to
be delivered by ISP 101, since with DNS inactive ISP
101 may not wish to deliver certain valuable goods over
the Internet.

Once the sensitive information has been
exchanged, the DNS phone connection is terminated
and ISP 101 returns the previously reserved phone
number to the pool of available phone numbers that can
be assigned (steps 415-417). Various mechanisms are
possible for terminating the connection. For instance,
ISP 101 may drop the phone connection once ISP 101
recognizes that all sensitive information has been communicated
and that a subsequent user action does not
require further secure communications capability. Alternatively,
ISP 101 can communicate to Internet access
provider 107 over the Internet the number of secure
pages that will be transmitted, and Internet access provider
107 may drop the connection after it has transmitted
the specified number of pages between user and
ISP 101. Alternatively, Internet access provider 107 may
drop the connection once it recognizes from monitoring
the secure access field in the TCP/IP protocol of transmitted
pages (packets) from the user to ISP 101 that the
page (packet) being transmitted from the user to ISP is
no longer designated a secure page. Alternatively, the
user may be provided with an icon which, when
selected, sends a message to ISP 101 or to Internet
access provider 107 to terminate the DNS connection
such that further communications are over the Internet.

FIG. 5 is a flowchart illustrating another embodiment
of the data network security method and system of
the present invention in which a telephone connection is
established by initiation of Internet access provider 107
in recognition of certain actions by the user at terminal
104.

Actions by the user at terminal 104 implicitly or
explicitly result in a request for access to a secure page
for communication of credit card information to ISP 101
(step 501). For instance, Internet access provider 107
may include as part of a web browser a DNS icon such
that when the user invokes (i.e., clicks on) the icon,
Internet access provider 107 is sent a message which
explicitly requests that the current web page on terminal
104 be sent by the DNS (i.e., that the web page be considered
a secure page), or that all subsequent transmissions,
until otherwise notified by the user (e.g., by
clicking on an icon to deactivate DNS) to ISP 101 occur
over a DNS connection. Alternatively, Internet access
provider 107 may monitor the secure access field in the
TCP/IP protocol of transmitted pages (packets) from the
user to ISP 101 to identify pages that should be transmitted
by the DNS mechanism.

Based on these explicit and/or implicit requests
according to the user's actions and associated conditions,
Internet access provider 107 recognizes that a
secure communication link must be established for the
secure page and thus, initiates a protocol for establishing
a telephone connection by querying ISP 101 via
Internet 102 as to whether ISP 101 supports DNS (step
503).

If ISP 101 confirms that it supports DNS, ISP 101
assigns a phone number from its modem pool and
transmits this phone number via Internet 102 to Internet
access provider 107 (steps 505-507). The subsequent
steps for establishing the connection proceed similarly
to the previous embodiment. Internet access provider
107 confirms receipt of the phone number, and calls ISP
101 via the received phone number (step 509). ISP 101
responds to this phone call, thereby establishing the telephone
connection for secure communication of sensitive
information (step 511). If the telephone connection
is successfully established, credit card or other sensitive
information is communicated over the secure telephone
connection (step 513). Preferably when sensitive information
is to be transmitted from the user to ISP 101,
Internet access provider 107 first sends a confirmation
to the user indicating whether DNS is active. Once the
sensitive information has been exchanged, the DNS
phone connection is terminated and ISP 101 returns the
previously reserved phone number to the pool of available
phone numbers that can be assigned (steps 515-517).
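
The FIG. 5 flow seen from the terminating server, as an added Python sketch that is not part of the patent text: it models the number pool (steps 505-517) and shows that the dialled number identifies the session rather than the caller, so the called party releases its own goods only after the caller has sent first. The class and function names, the sample numbers and the 30-second call window are assumptions made for illustration.

```python
class TerminatingServer:
    """Models ISP 101: owns the modem-pool numbers, one session per number."""

    def __init__(self, numbers, answer_window=30.0):
        self.free = list(numbers)           # numbers available for assignment
        self.reserved = {}                  # number -> (session_id, deadline)
        self.answer_window = answer_window  # assumed value for the call timeout

    def reserve(self, session_id, now):
        """Steps 505-507: assign a pool number to this session."""
        self._expire(now)
        if not self.free:
            return None                     # no line free: DNS is inactive
        number = self.free.pop(0)
        self.reserved[number] = (session_id, now + self.answer_window)
        return number

    def answer(self, number, now):
        """Steps 509-511: a call on a reserved number maps to its session."""
        self._expire(now)
        entry = self.reserved.get(number)
        return entry[0] if entry else None  # None: unassigned or timed out

    def release(self, number):
        """Steps 515-517: drop the line, return the number to the pool."""
        if self.reserved.pop(number, None) is not None:
            self.free.append(number)

    def _expire(self, now):
        # A reservation that was never called goes back to the pool.
        for number, (_, deadline) in list(self.reserved.items()):
            if now > deadline:
                self.release(number)


def exchange(server, number, now, caller_payload, goods):
    """Called party releases `goods` only after the caller has sent first.

    Anyone who learned the number reaches answer(); the ordering, not the
    number, is what keeps the goods from a caller with nothing to send.
    """
    session = server.answer(number, now)
    if session is None:
        return None, None                   # call refused
    # Card verification by a separate call is not modelled here.
    released = goods if caller_payload else None
    server.release(number)
    return session, released


def demo():
    isp = TerminatingServer(["555-0100", "555-0101"])  # constructed numbers
    n1 = isp.reserve("session-A", now=0.0)
    ok = exchange(isp, n1, 5.0, caller_payload="card data", goods="page")
    n2 = isp.reserve("session-B", now=10.0)
    empty = exchange(isp, n2, 12.0, caller_payload=None, goods="page")
    n3 = isp.reserve("session-C", now=20.0)
    late = exchange(isp, n3, 60.0, caller_payload="card data", goods="page")
    return ok, empty, late, sorted(isp.free)
```
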

It may be appreciated, therefore, that the present
invention provides many features, advantages, and
attendant advantages for users and service providers
on data networks. From the user's standpoint, a secure
payment method is available which frees use for previously
offered but inadvisable transactions, thereby
effectively providing the user with not only convenience
but also with information, services, and goods previously
not easily located or available external to the Internet.
From the ISP's standpoint, a method of receiving
payment is provided which facilitates increasing the
market and demand for the supplied information and/or
interactive services, and/or non-electronic goods or
services. In addition, the secure communication method
should result in increased use and development of the
Internet as well as reduced cost to the user.

Although the above description provides many specificities,
these enabling details should not be construed
as limiting the scope of the invention, and it will be readily
understood by those persons skilled in the art that
the present invention is susceptible to many modifications,
adaptations, and equivalent implementations
without departing from this scope.

For instance, it is understood that the operational
flows shown in FIGs. 4 and 5 are merely illustrative, and
the steps shown and described are not all essential for
practicing the invention and are not limiting of additional
or alternative steps that may be included for practicing
various embodiments of the invention. For example, for
additional security it may be desired to encrypt the
credit card information that is transferred over the telephone
connection. Also, as discussed above, it may be
appreciated that an ISP may rely on the DNS mechanism
for enhanced security to transfer electronically
deliverable goods to a user who has purchased the
goods, regardless of whether the DNS mechanism is
used (e.g., because of user choice, or unavailability
of DNS to the user) to convey the user's credit card
information to the ISP.

In addition, although the present invention has
been described hereinabove primarily in connection
with the payment for information and/or interactive services
of the type generally available to a user on the
Internet or other data network, the present invention
could readily be applied to the provision to the user of
any type of information and/or services to a user on a
first connection over a network of any type, with billing
being effected for that information and/or services on a
second connection through the telephone network.
Thus, the present invention could also be used for
teleconferencing services, video services, TV services
provided by cable and/or broadcast mediums, and interactive
services such as games, bulletin boards and chat
mediums. It is to be understood that the term "information
and/or interactive services" is to include all of these
types of information and services, and all other types
not specifically mentioned. The network over which the
information and/or interactive services can be provided
can be a wired or wireless data network, or a wired or
wireless analog network. The signals transmitted on the
wired network can be electrical or optical in nature.
Also, while the hereinabove embodiment has been
described with reference to a telephone call being
placed over an IXC network, the telephone call may be
established within an LEC without special handling by
IXC, where the ISP and Internet access provider are
connected to the same LEC.



Claims 

1. A method for communicating information between 
an originating server and a terminating server 
which are connected over a data network by a first 
communications link, said method characterized by 
the steps of: 

establishing, while said first communications 
link is active, a separate connection between 
said originating server and said terminating
server, said separate connection independent 
of said first communications link; and 
transmitting said information via the separate 
connection. 

2. The method according to claim 1, characterized in
that said separate connection is a telephone connection.

3. The method according to claim 1, further characterized
by the step of terminating said separate connection
after transmitting said information.

4. The method according to claim 1, further characterized
by a user terminal connected to said originating
server, wherein said information is
communicated between said user terminal and said
originating server, thereby communicating the information
between said user terminal and said terminating
server.

5. The method according to claim 4, characterized in
that said step of transmitting said information
includes said user terminal transmitting payment
information to said terminating server.

6. The method according to claim 4, characterized in
that said step of transmitting said information
includes said terminating server transmitting electronic
information to said user terminal in response
to payment information received from said user terminal
via said first connection or said separate connection.

7. The method according to claim 4, characterized in
that said step of establishing a separate connection
is invoked in response to actions at the user terminal.

8. The method according to claim 1, characterized in
that said terminating server initiates the step of
establishing the separate connection.

9. The method according to claim 1, characterized in
that said originating server initiates the step of
establishing the telephone connection.

10. The method according to claim 1, characterized in
that said step of establishing the separate connection
includes the steps of:

said originating server providing a telephone
number to said terminating server over the first
communications link on the data network;
said terminating server placing a call using said
telephone number; and
said originating server receiving said call.

11. A method for communicating information between a
user and a terminating server, said user connected 
to said terminating server via an accessing server 
which is connected to said terminating server over 
a data network by a first communications link, said 
method characterized by the steps of: 

at the terminating server: 

associating a telephone call with said user; 
establishing, in coordination with said 
accessing server, a telephone connection 
with said originating server; 
communicating said information with said 
accessing server via said telephone con- 
nection; 

at the accessing server: 

establishing, in coordination with said ter- 
minating server, said telephone connec- 
tion; 

associating said telephone connection with 
said user; 

communicating said information with said 
terminating server via said telephone con- 
nection; and 

communicating said information with said
user.

12. A system for secure communication, said system 
characterized by: 

an originating server; 

a terminating server connected over a data 
network by a first communications link to said origi- 
nating server; 

means for establishing a second connection 
between said originating server and said terminat- 
ing server; and 

means for transmitting said information via 
the second connection while said first communica- 
tions link is active. 

13. The system according to claim 12, characterized in
that said second connection is a telephone connection.

14. The system according to claim 12, characterized in
that said second connection is over a network separate
from said data network.

15. The system according to claim 12, further characterized
by a user terminal connected to said originating
server, and wherein said information
includes payment information communicated to the
terminating server from the user terminal.

16. A method for communicating first sensitive information
possessed by a first party to a second party,
and communicating second sensitive information
possessed by the second party to the first party,
said first party connected over a data network to
said second party by a first communication link,
said method characterized by the steps of:

transmitting a phone number from one of said
first party and second party to the other one of
said first party and second party;
placing a call, using said phone number, from
said other one of said first party and second
party to said one of said first party and second
party; and
receiving said call at said one of said first party
and second party to provide a secure telephone
connection between the first party and
the second party;
transmitting said first sensitive information and
said second sensitive information over said
secure telephone connection;

wherein when the first sensitive information
is transmitted before transmitting the second sensitive
information, said step of transmitting a phone
number is from the first party to the second party,
and wherein when the second sensitive information
is transmitted before transmitting the first sensitive
information, said step of transmitting a phone
number is from the second party to the first party.
FIG. 3

FIG. 4

USER REQUESTS ACCESS TO SECURE PAGE

RECEIVING SERVER RECOGNIZES THAT REQUESTED PAGE IS TO BE
SECURE, ASKS SENDING SERVER IF IT IS BIS EQUIPPED

SENDING SERVER VERIFIES BIS COMPATIBILITY

RECEIVING SERVER RESERVES PHONE NUMBER FROM ITS POOL,
TRANSMITS PHONE NUMBER TO SENDING SERVER

SENDING SERVER CONFIRMS, CALLS RECEIVING SERVER VIA
RECEIVED NUMBER

RECEIVING SERVER ANSWERS, KNOWS WHO IS CALLING

SENSITIVE INFORMATION IS EXCHANGED VIA THE TELEPHONE LINE

AFTER INFORMATION EXCHANGE, PHONE LINE DROPPED

PREVIOUSLY RESERVED PHONE NUMBER RETURNED TO POOL




EP 0 801 479 A1

European Patent Office

EUROPEAN SEARCH REPORT

Application Number: EP 96 12 0794

DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document with indication, where appropriate,
of relevant passages; relevant to claim:

GB 2 283 154 A (QUEST STANDARD TELEMATIQUE)
* page 6, line 7 - page 9, line 14 *
* figure 2 *
Relevant to claim: 1-16

US 4 996 685 A (T.R.FARESE ET AL)
* column 6, line 58 - column 8, line 37 *
Relevant to claim: 1-16

EP 0 781 349 A (TRT)
* claim 1 *
* abstract *
Relevant to claim: 1-4, 12-14

CLASSIFICATION OF THE APPLICATION (Int.Cl.6):
H04L9/32
H04L29/00

TECHNICAL FIELDS SEARCHED (Int.Cl.6):
H04L
G06F
G07F

The present search report has been drawn up for all claims

Place of search: THE HAGUE
Date of completion of the search: 3 June 1997
Examiner: Canosa Areste, C

CATEGORY OF CITED DOCUMENTS

X : particularly relevant if taken alone
Y : particularly relevant if combined with another
    document of the same category
A : technological background
O : non-written disclosure
P : intermediate document

T : theory or principle underlying the invention
E : earlier patent document, but published on, or
    after the filing date
D : document cited in the application
L : document cited for other reasons

& : member of the same patent family, corresponding
    document




